> On 22 Nov 2023, at 14:30, Aleksander Alekseev <aleksan...@timescale.com> 
> wrote:
> 
> Hi,
> 
>> When the scram_iterations value is set too large, the backend would hang for
>> a long time.  And we can't use Ctrl+C to cancel this query, because the loop
>> doesn't process signal interrupts.
>> 
>> Adding CHECK_FOR_INTERRUPTS within the loop of scram_SaltedPassword
>> to handle any signals received during this period may be a good choice.
>> 
>> I wrote a patch to solve this problem. What are your suggestions?
> 
> Thanks for the patch.
> 
> It sort of makes sense. I wonder though if we should limit the maximum
> number of iterations instead. If somebody specified 1_000_000+
> iteration this could also indicate a user error.

I don't think it would be useful to limit this at an arbitrary point; the iteration
count can be set per password, and if someone wants a specific password to be
super-hard to brute force then why should we limit that?

> If we want to add CHECK_FOR_INTERRUPTS inside the loop I think a brief
> comment would be appropriate.

Agreed, it would be helpful.

--
Daniel Gustafsson



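As an added illustration of the loop under discussion (example code written for this page, not PostgreSQL's scram_SaltedPassword; the InterruptSource class and its check_for_interrupts method are stand-ins for the backend's CHECK_FOR_INTERRUPTS machinery, and the password and salt are constructed): the Hi() function from RFC 5802 is PBKDF2 with a single output block, so every iteration is one HMAC over the previous block, and a large iteration count means a long run of HMAC calls with no natural point to notice a cancel request unless the loop checks for one explicitly.

```python
import hashlib
import hmac
import threading


class QueryCancelled(Exception):
    """Raised where the backend would report 'canceling statement due to user request'."""


class InterruptSource:
    """Stand-in for the backend's pending-interrupt state (hypothetical, for this example).

    request_cancel() plays the role of the SIGINT handler setting a flag;
    check_for_interrupts() plays the role of CHECK_FOR_INTERRUPTS() acting on it.
    cancel_after_checks lets the demo raise a cancel deterministically.
    """

    def __init__(self, cancel_after_checks=None):
        self.checks = 0
        self.cancel_after_checks = cancel_after_checks
        self.cancel_pending = threading.Event()

    def request_cancel(self):
        self.cancel_pending.set()

    def check_for_interrupts(self):
        self.checks += 1
        if self.cancel_after_checks is not None and self.checks >= self.cancel_after_checks:
            self.cancel_pending.set()
        if self.cancel_pending.is_set():
            raise QueryCancelled("canceling statement due to user request")


def scram_salted_password(password: bytes, salt: bytes, iterations: int,
                          interrupts: InterruptSource = None,
                          digest: str = "sha256") -> bytes:
    """Hi(str, salt, i) from RFC 5802: U1 = HMAC(str, salt || INT(1)),
    U_k = HMAC(str, U_{k-1}), result = U1 XOR U2 XOR ... XOR Ui.

    The interrupt check sits inside the per-iteration loop, which is the
    placement the thread proposes; without it a huge iteration count runs
    to completion regardless of cancel requests.
    """
    if iterations < 1:
        raise ValueError("iterations must be >= 1")
    u = hmac.new(password, salt + b"\x00\x00\x00\x01", digest).digest()
    result = u
    for _ in range(iterations - 1):          # iterations 2..i
        if interrupts is not None:
            interrupts.check_for_interrupts()  # where CHECK_FOR_INTERRUPTS() would go
        u = hmac.new(password, u, digest).digest()
        result = bytes(a ^ b for a, b in zip(result, u))
    return result


def cross_check_against_pbkdf2(password: bytes, salt: bytes, iterations: int) -> bool:
    """SCRAM's Hi() equals PBKDF2-HMAC with one output block; use hashlib as an oracle."""
    expected = hashlib.pbkdf2_hmac("sha256", password, salt, iterations)
    return scram_salted_password(password, salt, iterations) == expected


def derive_or_cancel(password: bytes, salt: bytes, iterations: int, cancel_after_checks=None):
    """Return (salted_password or None if cancelled, number of interrupt checks made)."""
    src = InterruptSource(cancel_after_checks)
    try:
        return scram_salted_password(password, salt, iterations, src), src.checks
    except QueryCancelled:
        return None, src.checks


if __name__ == "__main__":
    PASSWORD, SALT = b"pencil", b"constructed-salt"     # constructed inputs
    print("matches PBKDF2:", cross_check_against_pbkdf2(PASSWORD, SALT, 4096))
    # A million iterations, but the cancel lands after ten checks instead of
    # after the whole loop.
    print("cancelled run:", derive_or_cancel(PASSWORD, SALT, 1_000_000, cancel_after_checks=10))
```

The cross-check against hashlib.pbkdf2_hmac is a useful sanity test for any reimplementation of Hi(), since the two are the same computation for a one-block output; the cancellation path shows the cost of the check (one flag test per HMAC) against what it buys (a bounded wait on cancel, however large the per-password iteration count).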